|Targeted Advertising / Online Profiling|
- Privacy |
- Fair Info Practices
- 4th Amendment
- - ECPA
- - FISA
- - Patriot Act
- - Expectation
- - Cybersecurity
- - ID Theft
- - Spyware
- - Children's Privacy
- - COPPA
- - Cookies
- - Social Networks
- - Advertising
- - Online Profiling
- - Privacy Policies
- - Enforcement
- - CPNI
- - Cable
- - CALEA
Dept of Commerce
- - NTIA
- - NIST
- - EU Safe Harbors
- The Feds
- - Pri.Protection Act
- - Privacy Act
- - Pri. Impact Statements
- - Info Law
- - The Press
- - Location Based Services
Derived From: Online Profiling: A Report to Congress, FTC (June 2000) (Editor's Note: Please keep in mind that this description was written in 2000; the market and situation has evolved substantially)
Over the past few years, online advertising has grown exponentially in tandem with the World Wide Web. A large portion of that online advertising is in the form of "banner ads" displayed on Web pages - small graphic advertisements that appear in boxes above or to the side of the primary site content. Currently, tens of billions of banner ads are delivered to consumers each month as they surf the World Wide Web. Often, these ads are not selected and delivered by the Web site visited by a consumer, but by a network advertising company that manages and provides advertising for numerous unrelated Web sites.
In general, these network advertising companies do not merely supply banner ads; they also gather data about the consumers who view their ads. This is accomplished primarily by the use of "cookies" and "Web bugs" which track the individual's actions on the Web [it is also through the use of Deep Packet Inspection]. Among the types of information that can be collected by network advertisers are: information on the Web sites and pages within those sites visited by consumers; the time and duration of the visits; query terms entered into search engines; purchases; "click-through" responses to advertisements; and the Web page a consumer came from before landing on the site monitored by the particular ad network (the referring page). All of this information is gathered even if the consumer never clicks on a single ad.
The information gathered by network advertisers is often, but not always, anonymous, i.e., the profiles are frequently linked to the identification number of the advertising network's cookie on the consumer's computer rather than the name of a specific person. This data is generally referred to as non-personally identifiable information ("non-PII"). In some circumstances, however, the profiles derived from tracking consumers' activities on the Web are linked or merged with personally identifiable information ("PII"). This generally occurs in one of two ways when consumers identify themselves to a Web site on which the network advertiser places banner ads. First, the Web site to whom personal information is provided may, in turn, provide that information to the network advertiser. Second, depending upon how the personal information is retrieved and processed by the Web site, the personally identifying information may be incorporated into a URL string that is automatically transmitted to the network advertiser through its cookie.
Once collected, consumer data can be analyzed and combined with demographic and "psychographic" data from third-party sources, data on the consumer's offline purchases, or information collected directly from consumers through surveys and registration forms. This enhanced data allows the advertising networks to make a variety of inferences about each consumer's interests and preferences. The result is a detailed profile that attempts to predict the individual consumer's tastes, needs, and purchasing habits and enables the advertising companies' computers to make splitsecond decisions about how to deliver ads directly targeted to the consumer's specific interests.
The profiles created by the advertising networks can be extremely detailed. A cookie placed by a network advertising company can track a consumer on any Web site served by that company, thereby allowing data collection across disparate and unrelated sites on the Web. Also, because the cookies used by ad networks are generally persistent, their tracking occurs over an extended period of time, resuming each time the individual logs on to the Internet. When this "clickstream" information is combined with third-party data, these profiles can include hundreds of distinct data fields.
Although network advertisers and their profiling activities are nearly ubiquitous, they are most often invisible to consumers. All that consumers see are the Web sites they visit; banner ads appear as a seamless, integral part of the Web page on which they appear and cookies are placed without any notice to consumers. Unless the Web sites visited by consumers provide notice of the ad network's presence and data collection, consumers may be totally unaware that their activities online are being monitored.
An Illustration of How Network Profiling Works
Online consumer Joe Smith goes to a Web site that sells sporting goods. He clicks on the page for golf bags. While there, he sees a banner ad, which he ignores as it does not interest him. The ad was placed by USAad Network. He then goes to a travel site and enters a search on "Hawaii." USAad Network also serves ads on this site, and Joe sees an ad for rental cars there. Joe then visits an online bookstore and browses through books about the world's best golf courses. USAad Network serves ads there, as well. A week later, Joe visits his favorite online news site, and notices an ad for golf vacation packages in Hawaii. Delighted, he clicks on the ad, which was served by the USAad Network. Later, Joe begins to wonder whether it was a coincidence that this particular ad appeared and, if not, how it happened.
Embedded in the HTML code that Joe's browser receives from the sporting goods site is an invisible link to the USAad Network site which delivers ads in the banner space on the sporting goods Web site. Joe's browser is automatically triggered to send an HTTP request to USAad which reveals the following information: his browser type and operating system; the language(s) accepted by the browser; the address of the referring Web page (in this case, the home page of the sporting goods site); and the identification number and information stored in any USAad cookies already on Joe's computer. Based on this information, USAad will place an ad in the pre-set banner space on the sporting goods site's home page. The ad will appear as an integral part of the page. If an USAad cookie is not already present on Joe's computer, USAad will place a cookie with a unique identifier on Joe's hard drive. Unless he has set his browser to notify him before accepting cookies, Joe has no way to know that a cookie is being placed on his computer. When Joe clicks on the page for golf bags, the URL address of that page, which discloses its content, is also transmitted to USAad by its cookie.
When Joe leaves the sporting goods site and goes to the travel site, also serviced by USAad, a similar process occurs. The HTML source code for the travel site will contain an invisible link to USAad that requests delivery of an ad as part of the travel site's page. Because the request reveals that the referring site is travel related, USAad sends an advertisement for rental cars. USAad will also know the identification number of its cookie on Joe's machine. As Joe moves around the travel site, USAad checks his cookie and modifies the profile associated with it, adding elements based on Joe's activities. When Joe enters a search for "Hawaii," his search term is transmitted to USAad through the URL used by the travel site to locate the information Joe wants and the search term is associated with the other data collected by the cookie on Joe's machine. USAad will also record what advertisements it has shown Joe and whether he has clicked on them.
This process is repeated when Joe goes to the online bookstore. Because USAad serves banner ads on this site as well, it will recognize Joe by his cookie identification number. USAad can track what books Joe looks at, even though he does not buy anything. The fact that Joe browsed for books about golf courses around the world is added to his profile.
Based on Joe's activities, USAad infers that Joe is a golfer, that he is interested in traveling to Hawaii someday, and that he might be interested in a golf vacation. Thus, a week later, when Joe goes to his favorite online news site, also served by USAad, the cookie on his computer is recognized and he is presented with an ad for golf vacation packages in Hawaii. The ad grabs his attention and appeals to his interests, so he clicks on it.
Profiling Benefits and Privacy Concerns
Additionally, a number of commenters stated that targeted advertising helps to subsidize free content on the Internet. By making advertising more effective, profiling allows Web sites to charge more for advertising. This advertising revenue helps to subsidize their operations, making it possible to offer free content rather than charging fees for access.
Finally, one commenter suggested that profiles can also be used to create new products and services. First, entrepreneurs could use consumer profiles to identify and assess the demand for particular products or services. Second, targeted advertising could help small companies to more effectively break into the market by advertising only to consumers who have an interest in their products or services.
In sum, targeted advertising can provide numerous benefits to both business and consumers.
Despite the benefits of targeted advertising, there is widespread concern about current profiling practices. Many commenters at the Workshop objected to network advertisers' hidden monitoring of consumers and collection of extensive personal data without consumers' knowledge or consent; they also noted that network advertisers offer consumers few, if any, choices about the use and dissemination of their individual information obtained in this manner. As one of the commenters put it, current profiling practices "undermine individuals' expectations of privacy by fundamentally changing the Web experience from one where consumers can browse and seek out information anonymously, to one where an individual's every move is recorded."
The most consistent and significant concern expressed about profiling is that it is conducted without consumers' knowledge. The presence and identity of a network advertiser on a particular site, the placement of a cookie on the consumer's computer, the tracking of the consumer's movements, and the targeting of ads are simply invisible in most cases. This is true because, as a practical matter, there are only two ways for consumers to find out about profiling at a particular site before it occurs. The first is for Web sites that use the services of network advertisers to disclose that fact in their privacy policies. Unfortunately, this does not typically occur. As the Commission's recent [year 2000] privacy survey discovered, although 57% of a random sample of the busiest Web sites allowed third parties to place cookies, only 22% of those sites mentioned third-party cookies or data collection in their privacy policies; of the top 100 sites on the Web, 78% allowed third-party cookie placement, but only 51% of those sites disclosed that fact. The second way for consumers to detect profiling is to configure their browsers to notify them before accepting cookies. One recent survey indicates, however, that only 40% of computer users have even heard of cookies and, of those, only 75% have a basic understanding of what they are.
The second most persistent concern expressed by commenters was the extensive and sustained scope of the monitoring that occurs. Unbeknownst to most consumers, advertising networks monitor individuals across a multitude of seemingly unrelated Web sites and over an indefinite period of time. The result is a profile far more comprehensive than any individual Web site could gather. Although much of the information that goes into a profile is fairly innocuous when viewed in isolation, the cumulation over time of vast numbers of seemingly minor details about an individual produces a portrait that is quite comprehensive and, to many, inherently intrusive.
For many of those who expressed concerns about profiling, the privacy implications of profiling are not ameliorated in cases where the profile contains no personally identifiable information. First, these commenters felt that the comprehensive nature of the profiles and the technology used to create them make it reasonably easy to associate previously anonymous profiles with particular individuals. This means that anyone who obtains access to ostensibly anonymous data - either by purchasing the data or hacking into it - might be able to mine the data and link it to identifiable individuals. Second, commenters feared that companies could unilaterally change their operating procedures and begin associating personally identifiable information with non-personally identifiable data previously collected. Third, commenters noted that, regardless of whether they contain personally identifiable information, profiles are used to make decisions about the information individuals see and the offers they receive. These commenters expressed concern that companies could use profiles to determine the prices and terms upon which goods and services, including important services like life insurance, are offered to individuals (for example, products might be offered at higher prices to consumers whose profiles indicate that they are wealthy, or insurance might be offered at higher prices to consumers whose profiles indicate possible health risks).44 This practice, known as "weblining," raises many of the same concerns that "redlining" and "reverse redlining" do in offline financial markets.
Another concern expressed by commenters is that, as consumers begin to learn more about companies' monitoring activities, fear of online monitoring will discourage valuable uses of the Internet that are fostered by its perceived anonymity. As one commenter noted:The anonymity that the Internet affords individuals has made it an incredible resource for those seeking out information. Particularly where the information sought is on controversial topics such as sex, sexuality, or health issues such as HIV, depression, and abortion; [sic] the ability to access information without risking identification has been critical.
Indeed, in support of this point, this commenter cites studies that it believes suggest that, in both the online and offline world, the perceived anonymity of computer research facilitates access to these kinds of sensitive information. By chilling use of the Internet for such inquiries, several commenters asserted, profiling may ultimately prevent access to important kinds of information.
Finally, some commenters expressed the opinion that targeted advertising is inherently unfair and deceptive. They argued that targeted advertising is manipulative and preys on consumers' weaknesses to create consumer demand that otherwise would not exist, and that, as a result, targeted advertising undermines consumers' autonomy.
Ultimately, consumers' privacy concerns are businesses' concerns; the electronic marketplace will not reach its full potential unless consumers become more comfortable browsing and purchasing online. That comfort is unlikely to come unless consumers are confident (1) that they are notified at the time and place information is collected who is collecting information about them, what information is being collected, and how it will be used and (2) that they can choose whether their personal information is gathered, how it is used, and to whom it is disseminated.
The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected - including sensitive information regarding health, finances, or children - could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC's overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace.
The report points out that most of the public comments the FTC received concern the scope of the proposed principles. For example, commenters discussed whether it is necessary to provide privacy protections for data that is not personally identifiable. In response, the report states that privacy protections should cover any data that reasonably can be associated with a particular consumer or computer or other device.
Also, commenters questioned the need to apply the principles to (1) "first party" behavioral advertising, in which a Web site collects consumer information to deliver targeted advertising at its site, but does not share any of that information with third parties, and (2) contextual advertising, which targets advertisements based on the Web page a consumer is viewing or a search query the consumer has made, and involves little or no data storage. The report concludes that fewer privacy concerns may be associated with "first-party" and "contextual" advertising than with other behavioral advertising, and concludes that it is not necessary to include such advertising within the scope of the principles. The report notes, however, that regardless of the scope of the principles, companies must still comply with all applicable privacy laws, some of which may impose requirements that are similar to those established by the principles.
The report also provides additional guidance regarding each of the four principles and sets forth revised principles reflecting this guidance. The first principle - transparency and consumer control - remains unchanged from the proposed principles. Accordingly, Web sites are expected to provide clear and prominent notice regarding behavioral advertising, as well as an easily accessible way for consumers to choose whether to have their information collected for such purpose. Noting that privacy policies posted on companies' Web sites often are long and difficult to understand, the report encourages firms to design creative and effective disclosure mechanisms that are separate from their privacy policies. The report also states that companies that collect information outside the traditional Web site context - for example, through a mobile device or by an Internet Service Provider - should develop disclosure mechanisms that are meaningful and effective for these contexts.
In addition, the report continues to urge companies to provide reasonable security for any data they collect for behavioral advertising and to retain data only as long as it is needed to fulfill a legitimate business or law enforcement need.
Finally, due to the heightened privacy concerns raised by the collection and use of consumers' sensitive data, the report continues to urge companies to obtain affirmative express consent before collecting such data for behavioral advertising. The report states that FTC staff has traditionally considered financial information, information about children, health
information, and Social Security numbers to be sensitive, but encourages stakeholders to develop more specific standards to address this issue.
: ADA : Broadband : Crime : Copyright : DNS : ECommerce : EGovt : First Amendment : Digital Divide :
: Network Neutrality : Intl : Privacy : Security : SPAM : Statistics : VoIP : Vote : And Much More! :
:: Feedback : Disclaimer ::